1. Field of the Invention
The present invention relates to a storage control device, host interface control unit of a storage control device, and information protection method of a storage control device.
2. Description of the Related Art
A storage control device comprises, for example, disk drives such as hard disk drives disposed in an array, and provides a storage area based on RAID (Redundant Array of Inexpensive Disks) to a host computer (hereafter referred to as ‘the host’). The host accesses the logical storage area provided by the storage control device, and reads and writes data to and from it.
Fibre Channel Protocol and iSCSI (Internet Small Computer System Interface), for example, are known as protocols for communications between the storage control device and the host. With iSCSI, SCSI commands are encapsulated in TCP/IP packets, so the storage control device can be accessed via an IP network such as the Internet.
However, since various information employed in industry and by institutions such as financial institutions, government institutions, and educational institutions is stored in storage control devices, this information must be protected from illegal access. Therefore, technology has been proposed in which, for example, the association between a WWN (World Wide Name) and port identification information, or the association between a WWN and a LUN (Logical Unit Number), is described in a table beforehand, and access is approved or denied by referencing this table (Japanese Unexamined Patent Publication No. H10-333839, Japanese Unexamined Patent Publication No. 2001-265655).
On the other hand, in the case of iSCSI using a TCP/IP network, technology has also been proposed in which the MAC (Media Access Control) address is employed to evaluate whether or not a host has access privileges (Japanese Unexamined Patent Publication No. 2005-134961).
When transferring data using iSCSI and TCP/IP networks, packet monitoring by a third party must also be considered. Therefore, for example, the use of encrypted communications technology such as IPSec (IP Security) to encrypt the content of communications between the host and the storage control device is considered.
When communications are encrypted, the information employed in the encryption, such as the encryption key and the method of encryption (encryption algorithm), must be held at both the host and the storage control device. The storage control device has one or a plurality of communications control boards conducting communications with the host, and the information employed in encrypted communications is stored in the memory on this communications control board. Consequently, when the communications control board is removed from the storage control device, for example for maintenance, the memory storing the information employed in encrypted communications is removed from the storage control device along with it. If the memory on the removed communications control board is accessed by a third party and the information is extracted, there is a possibility that the content of subsequent communications between the host and the storage control device will be surreptitiously viewed or altered for fraudulent purposes.